Analysis: the changing face of internet security

Symantec's Zulfikar Ramzan looks at emerging trends

We've all been affected by malicious internet activity, and advances in the web's technology means cyber criminals, hackers and spammers are rapidly adopting new and varied attack vectors. We look at whether predictions made by Symantec last year regarding internet security have come true and what the rest of the year will hold.

New and developing trends

Cross-industry co-operation increases in an effort to tackle cybercrimeThe Conficker worm, which grew to alarming proportions early this year, prompted collaboration across several groups to solve one of the most complex and widely spread threats to hit the web in a number of years.

The Conficker Working Group comprised industry leaders and people from academia and as they worked together, the combined efforts of the group proved successful. Security researchers, Internet Corporation for Assigned Names and Numbers (ICANN) and operators in the domain name system were able to work with several industry vendors to coordinate a response that disabled domains targeted by Conficker.

This example represents the type of collaboration that will likely increase in the industry in order to successfully address today's ever-more complex security threats.

Some old threats make comebacksWhile much has changed on the threat landscape, some basic components remain, and, more interestingly, some older trends have made a comeback.

As stated earlier, many cybercriminals have begun sending multiple distinct threats to smaller numbers of people, but there have also been notable examples of the older technique of sending a few threats to a massive number of people.

The motivation for either method is frequently financial, as much of today's malicious internet activity is, and the goal is often to steal personal data, distribute rogue antivirus software or propagate spam.

There are of course those attacks that have no real purpose except to wreak havoc, but whatever the motivation, the various methods are prompting the need for a multi-layered defense that combines traditional detection with complementary detection such as reputation-based security models.

Deceptive methods that imitate traditional business practices continue to be utilisedOne tactic cybercriminals are growing fonder of is imitating traditional business practices in an attempt to ensnare unsuspecting users. In today's world, business on the Internet is part of life.

Cybercriminals recognise this and are clever enough to imitate business interactions. Even apart from business interactions, cybercriminals have figured out how to deceive people by presenting counterfeit messages.

Examples of this include malicious advertisements or 'malvertisements', which redirect people to malicious sites, or 'scareware', which appear as antivirus scanners and scare people into thinking that their computer is infected when that's not really the case.

The user is then lured into buying a fake product. Such deception is a prevalent security risk and is growing in use.

Internet threats continue to increase in volume and severity. It is important that computer users are on guard in order to make themselves less vulnerable to risks and threats. Staying abreast of the trends and developments taking place in online security is critical for both industry researchers and all computer users alike.